By Puneet Gupta, Executive Director and Country Head – India, Virsec
The onslaught of cyberattacks appears relentless, typically followed by advisories on what to do and what not to do. And yet there seems to be no end to woes faced by enterprises and businesses from cyber threats. So why is the endgame not in sight? A fundamental limitation arises because today’s security solutions were built to solve yesterday’s cyberthreats. In other words, they are considerably behind the challenges faced by regional businesses today.
The Evolution of Security Tools
The first generation of cybersecurity tools were built to strengthen the network like firewalls. They were built to protect the perimeter from the outside but are ineffective once the threat is within. These tools also cannot protect threats targeted at applications. The next generation of cybersecurity tools were built to protect endpoints, devices, and workstations. These solutions depend on an endless library of threat signatures and policies and exclude protection for servers.
A fundamental mistake made, according to Gartner, is using an endpoint solution to protect servers. Verizon’s Data Breach Investigation Report (DBIR) indicates the majority of attacks are targeting servers, and not endpoints. Servers manage application workloads and today’s businesses all run on applications. Compromise the server and the business will shut down.
Conventional cybersecurity solutions have not been able to keep up with business applications that have exploded in numbers, complexity, inter-connectivity, and distribution. New applications are being generated when there are new platforms and new uses cases, emerging from cloud, mobile, 5G, edge computing, IoT, and open-source architectures.
A New Approach to Protection
Application workloads no longer run from just one location but take on a hybrid format including on-premises, cloud, virtualized, containers and serverless. This distributed nature of workloads means they have a wider attack surface as well as a more complex one. It is fair to assume that threat actors have already penetrated an organization’s network and leverage vulnerabilities as applications run in-memory. The right approach is to protect servers, not endpoints, from the inside.
To deliver effective cybersecurity, you need to:
1. Take a new approach to security
Today’s network tools do not recognize, either safe traffic or malicious traffic and need to be trained to perform. Newer techniques like machine learning generate significant false alerts, interrupting business processes. Alerts from endpoint detection tools need to be verified and traced usually taking days and months, allowing threat actors to sometimes escape with crown jewels.
2. Understand that runtime is the new battleground
Conventional cybersecurity solutions operate before or after applications begin to run. Most security tools look at the duration when applications are running as a black box. Detecting in-memory attacks are challenging since they are only present when the application is loaded and executed.
3. Reduce the attack surface — protect the application stack
This approach focuses on what applications are meant to do, with continuous monitoring, and ensuring they do not deviate. Since threat attackers know how to bypass the perimeter and arrive at the applications, it is critical to protect the execution of applications. Threat vectors begin at the web layer, then move to runtime memory and then further, the host system.
4. Develop a winning cybersecurity strategy beyond patching
Building security by patching is a never-ending game that businesses can never win. In today’s world, all applications need to be patched whether legacy or modern and running on any platform – on-premises, cloud, or containers. The NIST Vulnerability Database tracks more than 30,000 new vulnerabilities every year, while average time to remediate is close to 100 days, according to Ponemon.
5. Invest in true runtime protection solutions
Any real-world business runs on a combination of legacy and modern applications extending into cloud, hybrid, edge, container, or serverless. Legacy applications cannot be retired, are also nearly impossible to patch, and cannot be upgraded overnight. The shift to remote working and remote access has exposed legacy applications that lack modern-day security controls.
It is imperative to break the cycle of replacing old, failed cyber security solutions with newer ones that are also intended to fail. True runtime protection protects both legacy and modern applications, prevents attackers from exploiting their malicious code and ensures that the applications will run as intended.